CWE-639: CWE-639

This vulnerability allows attackers to bypass authorization controls in Saastech Cleaning and Internet Services Inc.'s TemizlikYolda software by manip...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Payload CMS where authenticated users from one authentication collectio...

This vulnerability in the SupportCandy WordPress plugin allows authenticated attackers with subscriber-level access or higher to steal file attachment...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Mikado-Themes Dolcino WordPress theme. Attackers can bypass authori...

This vulnerability allows attackers to bypass authorization controls in the Sweet Jane WordPress theme by manipulating user-controlled keys, enabling ...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Mikado-Themes Verdure WordPress theme. Attackers can bypass authori...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Mikado-Themes Fleur WordPress theme. It allows attackers to bypass ...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Holmes WordPress theme that allows attackers to bypass authorizatio...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Mikado-Themes Innovio WordPress theme. Attackers can bypass authori...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Overton WordPress theme by Mikado-Themes. It allows authenticated u...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Mikado-Themes Roam WordPress theme. Attackers can bypass authorizat...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Justicia WordPress theme by Mikado-Themes. It allows attackers to b...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Mikado-Themes Cocco WordPress theme that allows attackers to bypass...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Curly WordPress theme by Mikado-Themes. Attackers can bypass author...

This vulnerability allows attackers to bypass authorization controls in the Fiorello WordPress theme by manipulating user-controlled keys, potentially...

This vulnerability in the LearnPress WordPress plugin allows authenticated attackers with teacher-level access to delete arbitrary lesson material fil...

This CVE describes an authorization bypass vulnerability in the Struktur WordPress theme, allowing attackers to access unauthorized data by manipulati...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Backpack Traveler WordPress theme that allows attackers to bypass a...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Mikado-Themes FiveStar WordPress theme. Attackers can bypass author...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to read other users' order messages through the Return ...

The Post Type Switcher WordPress plugin up to version 4.0.0 has an Insecure Direct Object Reference vulnerability that allows authenticated attackers ...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Alteryx Server where authenticated users can access other users' data b...

This CVE describes an authorization bypass vulnerability in the Upcoming Events Lists WordPress plugin where attackers can manipulate object reference...

This vulnerability allows attackers to bypass authorization controls by manipulating user-controlled keys, potentially accessing unauthorized data or ...

This vulnerability in GLPI allows authenticated users to modify other users' reservations, potentially disrupting IT asset management and service desk...

This vulnerability allows attackers to bypass authorization controls in JoomSky JS Job Manager by manipulating user-controlled keys, potentially acces...

This vulnerability in Puma web server allows clients to override proxy-set headers like X-Forwarded-For by sending underscore versions (X-Forwarded_Fo...

This vulnerability in the WP Extended WordPress plugin allows authenticated attackers with Contributor-level access or higher to duplicate posts creat...

This vulnerability in IBM InfoSphere Information Server 11.7 allows authenticated users to bypass authorization controls and access or modify sensitiv...

This vulnerability in the FileBird WordPress plugin allows authenticated attackers with author-level access or higher to delete folders created by oth...

This vulnerability allows unauthenticated attackers to view private WordPress posts by exploiting an insecure direct object reference in the MP3 Audio...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Quiz And Survey Master WordPress plugin that allows attackers to by...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the N-Media Frontend File Manager WordPress plugin. It allows attackers...

Unauthenticated users can view completed guest orders by Order ID in Spree e-commerce platform, potentially exposing guest user PII including names, a...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to change any user's profile picture or cover image, in...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Extensions For CF7 WordPress plugin. It allows attackers to bypass ...

The WP ULike WordPress plugin has an Insecure Direct Object Reference vulnerability that allows authenticated attackers with Subscriber-level access o...

This vulnerability allows authenticated WordPress users with Author-level permissions or higher to access, modify, and delete Document Library entries...

This vulnerability allows attackers to bypass authorization controls in the MyD Delivery WordPress plugin by manipulating user-controlled keys, potent...

This vulnerability allows attackers to bypass authorization controls in the Jewel Theme Master Addons for Elementor WordPress plugin by manipulating u...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the wpDiscuz WordPress plugin that allows attackers to bypass authoriza...

This vulnerability allows attackers to bypass authorization controls in the PickPlugins Post Grid and Gutenberg Blocks WordPress plugin by manipulatin...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Barn2 Plugins Document Library Lite WordPress plugin. Attackers can byp...

The Campay Woocommerce Payment Gateway plugin for WordPress has a vulnerability that allows unauthenticated attackers to bypass payment processing and...

This vulnerability allows attackers to bypass authorization controls in the Media Library Assistant WordPress plugin by manipulating user-controlled k...

The QODE Wishlist for WooCommerce WordPress plugin has an Insecure Direct Object Reference vulnerability that allows unauthenticated attackers to modi...

The WooCommerce OrderConvo plugin has an authorization bypass vulnerability that allows unauthenticated attackers to view sensitive order details and ...

The YITH WooCommerce Wishlist plugin for WordPress has an Insecure Direct Object Reference vulnerability that allows unauthenticated attackers to disc...

The Wisly WordPress plugin has an Insecure Direct Object Reference vulnerability that allows unauthenticated attackers to manipulate other users' wish...

The WPFunnels WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to register user accounts even when sit...